KBI 310799 Issue Addressed: Argent For Compliance May Read Empty Event Log Message When Using WMI Method


Argent for Compliance 3.1A-1401-A or below


Friday, 10 Jan 2014


If event message DLL is corrupted or missing, Windows cannot compose the complete message text

If it is viewed in Event Log Viewer, message may be displayed as following:

When Argent for Compliance reads the same event using WMI, WMI only returns empty message instead

The test result may look like following:

Technical Background

Argent for Compliance 3.1A-1401-B has been enhanced to compose a substitute message using insertion strings

The test result may look like following:


Upgrade to Argent AT 3.1A-1401-B or later

Customer, who cannot upgrade, can switch the Rule to use method ‘Automatically Determined‘ or ‘Read Event Log File Directly